TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

[bearly_an_enthusiast]

Thanks for the info @bearly_an_enthusiast.


It's not entirely clear whether you've tried this but you need to be accessing the router using its 192.168.50.1 address (rather than hostname.tailfXfXX.ts.net) as this is what httpd(s) and dropbear are listening on. hostname.tailfXfXX.ts.net would resolve to something like 100.66.22.55 which won't work.

You might have more luck using hostname.tailfXfXX.ts.net if tailscale was running in Userspace mode rather than Kernel mode as that replaces the entire network stack and performs various "tricks". But I haven't tested this theory.

Thanks for the info and help. I would rather make the switch to Userspace mode to get this to work. Can anyone confirm that WebUI + SSH work with Userspace? And are there any benefits to running TailScale in Kernel over Userspace or vice versa?

 

[ColinTaylor]

Thanks for the info and help. I would rather make the switch to Userspace mode to get this to work. Can anyone confirm that WebUI + SSH work with Userspace? And are there any benefits to running TailScale in Kernel over Userspace or vice versa?

Can you test whether using 192.168.50.1 does work for your WebUI, just so that we can confirm your setup is working as expected and there's not some other issue.

-----------------------------------

EDIT: (using hostname.tailXXXXX.ts.net to access the router)

As per your first post, you could use tailscale serve to act as a proxy server for the router's WebUI as the httpd(s) daemons also listen on the loopback interface. For example,

tailscale serve --bg 80

or

tailscale serve --bg https+insecure://localhost:8443

Using the --bg option should allow the proxy server to persist across reboots.

tailscale serve command · Tailscale Docs

Learn about the `tailscale serve` CLI command.

tailscale.com

Unfortunately you can't use tailscale serve for SSH as it only supports localhost connections and dropbear doesn't listen on localhost. But I've found that tailscale's web SSH interface works quite well.

Tailscale SSH · Tailscale Docs

Use Tailscale SSH to manage the authentication and authorization of SSH connections on your tailnet.

tailscale.com

-----------------------------------

Alternatively you could switch to Userspace mode (as that already acts as a kind of proxy) to access the WebUI. But again, this doesn't help for SSH access.

Kernel vs. netstack subnet routing & exit nodes · Tailscale Docs

Learn about the kernel and userspace modes and how they are used by subnet routers and exit nodes.

tailscale.com

 

[bearly_an_enthusiast]

Can you test whether using 192.168.50.1 does work for your WebUI, just so that we can confirm your setup is working as expected and there's not some other issue.

EDIT: (using hostname.tailXXXXX.ts.net to access the router)

Using hostname.tailXXXXX.ts.net and 192.168.50.1 works on LAN (with DNS rewrites for the former) and only with Userspace when connecting externally. SSH still not working on both modes (I know you said it wouldn't but had to try).

As per your first post, you could use tailscale serve to act as a proxy server for the router's WebUI as the httpd(s) daemons also listen on the loopback interface. For example,

tailscale serve --bg 80

or

tailscale serve --bg https+insecure://localhost:8443

Using the --bg option should allow the proxy server to persist across reboots.

This didn't work for me.

Unfortunately you can't use tailscale serve for SSH as it only supports localhost connections and dropbear doesn't listen on localhost. But I've found that tailscale's web SSH interface works quite well.

I cant use Tailscale SSH since I am not using the default port and it requires port 22 for it to work.

 

[ColinTaylor]

Thanks for the update @bearly_an_enthusiast. The fact that you can't get to 192.168.1.50 in kernel mode suggests there is a conflict between tailscale (in kernel mode) and something else configured on your router. That's probably also the reason why tailscale serve doesn't work. FWIW both those things work on my router, but I'm running a very simple router setup.

Side note: My EDIT line about hostname was intended as a header for the tailscale serve notes that followed, and was only in regard to using the hostname.tailXXXXX.ts.net (100.x.y.z) names.

 

[jksmurf]

Thanks for the update @bearly_an_enthusiast. The fact that you can't get to 192.168.1.50 in kernel mode suggests there is a conflict between tailscale (in kernel mode) and something else configured on your router. That's probably also the reason why tailscale serve doesn't work. FWIW both those things work on my router, but I'm running a very simple router setup.

Side note: My EDIT line about hostname was intended as a header for the tailscale serve notes that followed, and was only in regard to using the hostname.tailXXXXX.ts.net (100.x.y.z) names.

I’m running kernel mode in a very simple setup and can access my WebGui remotely from anywhere (tested 9000km away).